Tier · dangerous
Verdict

Likely scam — do not engage

Our AI analyst read the message body and judged it likely to be phishing.

mailer-daemon@bdix-r.whitelabelwebserver.com
At a glance
AI · 90% phishing
DNSBL · 1 list
Risk score
67 / 100
malicious
AI analyst

MalwareTips analyst · message material

credential_theft

Fake mail delivery failure notice from obscure domain with a hidden tinyurl link.

Phishing likelihood: 90%
Spam likelihood: 10%
Red flags identified
  • Sender uses obscure whitelabelwebserver.com domain with URIBL blacklist hit and no RDAP record.
  • Fake bounce message reports undeliverable email to unrelated gmail address using future 2026 date.
  • Tinyurl.com shortener hides final destination of primary link.
  • Additional links to lifeandhealthbd.com from suspicious web hosting directory.
  • Fails all authentication with SPF=none, DKIM=none, DMARC=none.
  • Microsoft SCL=5 flags it as spam/junk.
What to do

Do not click any links or reply. Delete the email and report it as phishing to your provider.

Why this verdict

Every scoring adjustment, in dominance order. Shows exactly how we got from 100 to the final trust number.

100 → 33

The scorer starts every address at 100 trust and applies each signal below in turn. Negative deltas are penalties (red), positive deltas are bonuses (emerald). Final clamped trust: 33.

  • AI analyst flagged 90% phishing likelihood (credential_theft).
    ai_phishing_detected
    -45
  • Listed on 1 DNSBL: URIBL.
    dnsbl_listed
    -15
  • Message contains a URL shortener — obscures the real destination.
    url_shortener_present
    -5
  • AI analyst flagged 10% spam likelihood.
    ai_spam_detected
    -2
Sender identity

Display name, domain reputation, and authentication checks for the From address.

Display-name impersonation

NO BRAND CLAIM

The display name doesn't resemble any of the top phished brands we track — this isn't a brand-impersonation attempt.

Brand-lookalike radar

ok

No typosquat or homoglyph match against the top 50 phished brands.

Domain age

ok

no RDAP record found

Content evidence

Signals extracted from the message body, embedded URLs, and uploaded screenshot.

Links extracted from this email

3 shown

Each link was scored against a host-level suspicion heuristic. Click Scan link to run our full URL scanner on the destination — it'll show our verdict alongside Google Safe Browsing, VirusTotal, URLhaus, and the others.

  • tinyurl.com · shortener
    /48nnu58w
    Link shortener host (tinyurl.com) — final destination is hidden
    Suspicion
    15
  • support.google.com
    /mail/answer/81126
    Host contains credential-harvest keywords
    Suspicion
    10
  • lifeandhealthbd.com
    /bangkok_hospital_bd/asset/the=
    Suspicion
    0
Infrastructure

MX records, deliverability probe, provider classification, and DNS blocklists.

Deliverability

ok
  • RFC 5322 syntax valid
  • 1 MX record published
    bdix-r.whitelabelwebserver.com
  • SMTP probe · unknown: SMTP probe disabled (set SMTP_PROBE_ENABLED=true to enable)

Provider classification

ok

Not on our disposable-provider list and not a recognised consumer freemail (Gmail / Outlook / Yahoo etc.) — likely a custom domain.

DNS blocklists

ok

Listed by 1 of 3 blocklists:

URIBL
Reputation

Breach history for this address and the structural identity of the sending domain.

Breach exposure (HIBP)

ok

HIBP_API_KEY not configured

Sender infrastructure

Domain: bdix-r.whitelabelwebserver.com
Domain age: no RDAP record found
Provider: custom domain
MX hosts: bdix-r.whitelabelwebserver.com
Scanned by: Boshman
MalwareTips never stores the raw address. Every input is SHA-256 hashed before persistence — the URL above IS that hash. We keep the local part, domain, and display name separately so the report can render them; the original raw input is dropped after the scan. If you received this email and are worried, do not click any links and do not reply — verify the sender through a known-good channel.